Differences between 2.8 and 2.9 Content

Summary
Total (2.9) 609
Total (2.8) 604
Attack Patterns
New Patterns Added 5
Existing Patterns Modified with Enhanced Material 67
Patterns Deprecated 6
Categories
Existing Categories Modified with Enhanced Material 15
Categories Deprecated 7
Views
Existing Views Modified with Enhanced Material 2
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added 3
CAPEC -> CWE Mappings Removed 3

Summary of Entry Types

Type 2.8 2.9
Views 9 9
Categories 56 49
Attack Patterns 504 503
Deprecated 35 48

Attack Pattern Changes
New Patterns Added
CAPEC-594 Traffic Injection
CAPEC-595 Connection Reset
CAPEC-596 TCP RST Injection
CAPEC-597 Absolute Path Traversal
CAPEC-598 DNS Spoofing

Existing Patterns Modified with Enhanced Material
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-11 Cause Web Server Misclassification
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Non-Script Elements
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-26 Leveraging Race Conditions
CAPEC-27 Leveraging Race Conditions via Symbolic Links
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-30 Hijacking a Privileged Thread of Execution
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-62 Cross Site Request Forgery
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-65 Sniff Application Code
CAPEC-67 String Format Overflow in syslog()
CAPEC-68 Subvert Code-signing Facilities
CAPEC-69 Target Programs with Elevated Privileges
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-74 Manipulating User State
CAPEC-76 Manipulating Web Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-96 Block Access to Libraries
CAPEC-100 Overflow Buffers
CAPEC-106 Cross Site Scripting through Log Files
CAPEC-123 Buffer Manipulation
CAPEC-124 Shared Data Manipulation
CAPEC-126 Path Traversal
CAPEC-128 Integer Attacks
CAPEC-129 Pointer Manipulation
CAPEC-139 Relative Path Traversal
CAPEC-141 Cache Poisoning
CAPEC-142 DNS Cache Poisoning
CAPEC-146 XML Schema Poisoning
CAPEC-149 Explore for Predictable Temporary File Names
CAPEC-153 Input Data Manipulation
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-161 Infrastructure Manipulation
CAPEC-162 Manipulating Hidden Fields
CAPEC-163 Spear Phishing
CAPEC-164 Mobile Phishing
CAPEC-165 File Manipulation
CAPEC-166 Force the System to Reset Values
CAPEC-170 Web Application Fingerprinting
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-224 Fingerprinting
CAPEC-234 Hijacking a privileged process
CAPEC-235 Implementing a callback to system routine (old AWT Queue)
CAPEC-236 Catching exception throw/signal from privileged block
CAPEC-248 Command Injection
CAPEC-267 Leverage Alternate Encoding
CAPEC-268 Audit Log Manipulation
CAPEC-271 Schema Poisoning
CAPEC-462 Cross-Domain Search Timing
CAPEC-490 Amplification
CAPEC-536 Data Injected During Configuration

Patterns Deprecated
CAPEC-171 Variable Manipulation
CAPEC-213 DEPRECATED: Directory Traversal
CAPEC-257 Abuse of Transaction Data Structure
CAPEC-264 Environment Variable Manipulation
CAPEC-265 Global variable manipulation
CAPEC-266 Manipulate Canonicalization
Category Changes
New Categories Added

Existing Categories Modified with Enhanced Material
CAPEC-118 Collect and Analyze Information
CAPEC-152 Inject Unexpected Items
CAPEC-156 Engage in Deceptive Interactions
CAPEC-172 Manipulate Timing and State
CAPEC-210 Abuse Existing Functionality
CAPEC-223 Employ Probabilistic Techniques
CAPEC-225 Subvert Access Control
CAPEC-255 Manipulate Data Structures
CAPEC-262 Manipulate System Resources
CAPEC-339 WASC-06 - Format String
CAPEC-340 WASC-07 - Buffer Overflow
CAPEC-343 WASC-10 - Denial of Service
CAPEC-378 WASC-45 - Fingerprinting
CAPEC-512 Communications
CAPEC-513 Software

Categories Deprecated
CAPEC-119 Deplete Resources
CAPEC-232 Exploitation of Authorization
CAPEC-281 Analyze Target
CAPEC-436 Gain Physical Access
CAPEC-525 Execute Code
CAPEC-526 Alter System Components
CAPEC-527 Manipulate System Users
View Changes
Views Added

Existing Views Modified with Enhanced Material
CAPEC-333 WASC Threat Classification 2.0
CAPEC-1000 Mechanisms of Attack

Views Deprecated
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-126 Path Traversal
  --> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC-139 Relative Path Traversal
  --> CWE-23 Relative Path Traversal
CAPEC-597 Absolute Path Traversal
  --> CWE-36 Absolute Path Traversal

CAPEC --> CWE Mappings Removed
CAPEC-28 Fuzzing
  --> CWE-728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
CAPEC-139 Relative Path Traversal
  --> CWE-20 Improper Input Validation
  --> CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC --> CAPEC Mappings Added

CAPEC --> CAPEC Mappings Removed

Page Last Updated or Reviewed: January 10, 2017